saltstack学习

https://docs.saltproject.io/en/latest/contents.html   ##官网

salt-master:

[root@salt-master ~]# systemctl  stop   firewalld     # 仅限实验环境;生产环境建议保留 firewalld,只放行 master 的 4505/4506 端口

[root@salt-master ~]# systemctl   disable    firewalld 

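[root@salt-master ~]# sed  -i  's/^SELINUX=.*/SELINUX=disabled/g'  /etc/sysconfig/selinux     # 仅限实验环境,关闭 SELinux 会去掉一层强制访问控制;另外在 CentOS 7 上 /etc/sysconfig/selinux 通常是指向 /etc/selinux/config 的符号链接,sed -i 默认会把链接替换成普通文件,重启后请用 getenforce 确认实际状态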

[root@salt-master ~]# reboot

[root@salt-master ~]# cat /etc/hosts
192.168.111.128 salt-master
192.168.111.129 salt-client01

[root@salt-master ~]# sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/3004/SALTSTACK-GPG-KEY.pub
[root@salt-master ~]# curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/3004.repo | sudo tee /etc/yum.repos.d/salt.repo

[root@salt-master ~]# sudo yum install salt-master -y

[root@salt-master ~]# sudo systemctl enable salt-master && sudo systemctl start salt-master  

[root@salt-master ~]# sudo yum clean expire-cache

[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-client01
Rejected Keys:
[root@salt-master ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt-client01
Proceed? [n/Y] y
Key for minion salt-client01 accepted.

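[root@salt-master ~]# salt-key -a salt-client01            # -a=--accept(接受指定 key)  -A=--accept-all(接受全部待定 key)  -d=--delete(删除指定 key)  -D=--delete-all(删除全部 key);接受前建议先用 salt-key -f salt-client01 查看指纹,并与 minion 上 salt-call --local key.finger 的输出核对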
The key glob 'salt-client01' does not match any unaccepted keys.

[root@salt-master ~]# salt-key -L
Accepted Keys:
salt-client01
Denied Keys:
Unaccepted Keys:
Rejected Keys:  

[root@salt-master ~]# salt '*' test.ping
salt-client01:
True

[root@salt-master ~]# salt '*' cmd.run 'echo hello world'
salt-client01:
hello world

[root@salt-master ~]# salt '*' grains.items
salt-client01:
----------
biosreleasedate:
11/12/2020
biosversion:
6.00
cpu_flags:
- fpu

[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces
salt-client01:
----------
ens33:
00:0c:29:c2:80:3b
lo:
00:00:00:00:00:00

[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces:ens33
salt-client01:
00:0c:29:c2:80:3b

[root@salt-master ~]# salt '*' grains.get ip_interfaces:ens33
salt-client01:
- 192.168.111.129
- fe80::cfe3:6f15:94a8:ee48

[root@salt-master ~]# salt '*' grains.item saltversion
salt-client01:
----------
saltversion:
3004.2

[root@salt-master pillar]# grep -Ev "^$|^#" /etc/salt/master
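pillar_roots:        # nesting restored: base is a key under pillar_roots
  base:              # environment name
    - /srv/pillar    # directory the master reads pillar .sls files from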
[root@salt-master pillar]# systemctl restart salt-master

[root@salt-master ~]# mkdir -p /srv/pillar
[root@salt-master ~]# cd /srv/pillar/

[root@salt-master pillar]# salt '*' pillar.items
salt-client01:
----------

[root@salt-master pillar]# salt '*' pillar.get master:interface
salt-client01:

[root@salt-master pillar]# pwd
/srv/pillar
[root@salt-master pillar]# vi packages.sls

[root@salt-master pillar]# cat packages.sls
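# Package names differ per distribution family, so they are chosen by the
# os_family grain. The os grain on the minion in this walkthrough is CentOS,
# not RedHat, so a test on os equal to 'RedHat' would leave both keys
# undefined there.
{% if grains['os_family'] == 'RedHat' %}
apache: httpd
git: git
{% elif grains['os_family'] == 'Debian' %}
apache: apache2
git: git-core
{% endif %}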

[root@salt-master pillar]# cat top.sls
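# Pillar top file: in the base environment every minion ('*') is assigned
# the pillar file packages.sls. The nesting below is required; with all
# three lines at column 0 the mapping means something else.
base:
  '*':
    - packages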
[root@salt-master pillar]# ll
total 8
-rw-r--r-- 1 root root 136 Dec 19 00:02 packages.sls
-rw-r--r-- 1 root root 28 Dec 19 00:08 top.sls

[root@salt-master pillar]# salt '*' saltutil.refresh_pillar
salt-client01:
True

[root@salt-master ~]# salt "*" cmd.run 'echo oldboy'
salt-client01:
oldboy

[root@salt-master ~]# cat /srv/pillar/top.sls
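# Pillar top file targeting minions by regular expression.
# NOTE(review): with match: pcre the target is a regex, so 'salt-client*'
# reads as "salt-clien" followed by any number of "t". It presumably still
# selects salt-client01 because the match is not anchored at the end;
# 'salt-client.*' would state the intent more clearly — confirm before changing.
base:
  'salt-client*':
    - match: pcre
    - packages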
[root@salt-master ~]#
[root@salt-master ~]# salt -G 'os:CentOS' test.ping
salt-client01:
True

[root@salt-master pillar]# cd  /srv/pillar

[root@salt-master pillar]# cat role.sls
roles: web

 [root@salt-master pillar]# cat top.sls

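# Pillar top file: minions matched by the pcre target receive both the
# packages and the role pillar files. Nesting restored so that the target
# sits under base and the list sits under the target.
base:
  'salt-client*':
    - match: pcre
    - packages
    - role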

[root@salt-master pillar]# ls
packages.sls role.sls top.sls
[root@salt-master pillar]# salt '*' saltutil.refresh_pillar
salt-client01:
True
[root@salt-master pillar]# salt '*' pillar.get roles
salt-client01:
web
[root@salt-master pillar]# salt -I 'roles:web' test.ping
salt-client01:
True

[root@salt-master pillar]# salt -I 'roles:web' pkg.install httpd

[root@salt-client01 ~]# tail  -f  /var/log/messages

[root@salt-client01 ~]# ps aux | grep yum
root 7261 5.7 2.8 1340904 29052 ? S 19:19 0:01 /usr/bin/python /usr/bin/yum -y install httpd
root 7319 0.0 0.0 112812 976 pts/0 S+ 19:19 0:00 grep --color=auto yum

[root@salt-master master.d]# cd  /etc/salt/master.d

[root@salt-master master.d]# cat nodegroups.conf
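# Named minion groups for use with "salt -N <group>". Each group must be
# nested under the nodegroups key; the value here is a minion-id glob.
nodegroups:
  web-cluster: 'salt-client*'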
[root@salt-master master.d]# salt -N web-cluster test.ping
salt-client01:
True

[root@salt-master master.d]# cat nodegroups.conf
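# Two named minion groups for use with "salt -N <group>". Both are nested
# under the nodegroups key and, in this example, use the same minion-id glob.
nodegroups:
  web-cluster: 'salt-client*'
  db-cluster: 'salt-client*'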
[root@salt-master master.d]# salt -N db-cluster test.ping
salt-client01:
True

[root@salt-master master.d]# salt -C 'G@os:CentOS and salt-client*' test.ping
salt-client01:
True

[root@salt-master pillar]# salt  '*'  pkg.install  httpd

[root@salt-master pillar]# salt-run jobs.list_jobs
20230111132145425440:
----------
Arguments:
Function:
test.ping
StartTime:
2023, Jan 11 13:21:45.425440
Target:
salt-client*
Target-type:
compound
User:
root

###查询以前执行的操作

[root@salt-master pillar]# salt-run jobs.lookup_jid 20230111132145425440
salt-client01:
True

[root@salt-master pillar]# mkdir  -p /srv/salt   #对应下面的文件

[root@salt-master salt]# vi  /etc/salt/master

677 #file_roots:
678 # base:
679 # - /srv/salt                  ###这里

[root@salt-client01 ~]# cd   /etc/httpd/conf

[root@salt-client01 conf]# scp  httpd.conf   root@192.168.111.128:/srv/salt

[root@salt-master salt]# salt '*' cp.get_file salt://httpd.conf /etc/httpd/conf/httpd.conf      ###分发httpd.conf到客户端,可以去salt-client01里面查看/etc/httpd/conf/httpd.conf 文件已经修改了
salt-client01:
/etc/httpd/conf/httpd.conf

[root@salt-master salt]# cp  httpd.conf   /tmp

[root@salt-master tmp]# salt-cp '*' /tmp/httpd.conf /etc/httpd/conf/httpd.conf                    ###去客户端查看/etc/httpd/conf/httpd.conf 文件已经修改了
salt-client01:
----------
/etc/httpd/conf/httpd.conf:
True

[root@salt-master tmp]# salt '*' service.start httpd         #启动http服务
salt-client01:
True
[root@salt-master tmp]# salt '*' service.stop httpd         #关闭http服务
salt-client01:
True

[root@salt-client01 conf]# netstat -tunalp | grep httpd
tcp6 0 0 :::80 :::* LISTEN 12960/httpd
[root@salt-client01 conf]# netstat -tunalp | grep :80
tcp6 0 0 :::80 :::* LISTEN 12960/httpd
[root@salt-client01 conf]# netstat -tunalp | grep httpd
[root@salt-client01 conf]# netstat -tunalp | grep :80

[root@salt-master pengyao]# mkdir  -p  /tmp/pengyao

[root@salt-master pengyao]# cd   /tmp/pengyao

[root@salt-master pengyao]# cat test.yaml
- pengyao
- oldboy

[root@salt-master]# yum  install  -y  python-yaml 

[root@salt-master pengyao]# python
Python 2.7.5 (default, Jun 28 2022, 15:30:04)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import yaml
>>> fd = open("test.yaml")
>>> print yaml.load(fd)
['pengyao', 'oldboy']
>>> exit()

[root@salt-master pengyao]# cat parse_yaml.py
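#!/usr/bin/env python
"""Parse the YAML file named by the first command-line argument and print it."""

import sys

import yaml

# safe_load builds only plain YAML types (lists, dicts, strings, numbers).
# On older PyYAML releases, yaml.load without an explicit Loader can
# instantiate arbitrary Python objects from tags in the document, which is
# unsafe for any file that does not come from the script's author.
with open(sys.argv[1]) as fd:
    # The with-block closes the file; the parenthesised single-argument
    # print runs under both Python 2 and Python 3.
    print(yaml.safe_load(fd))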

[root@salt-master pengyao]# chmod  +x parse_yaml.py 

[root@salt-master pengyao]# ./parse_yaml.py test.yaml
['pengyao', 'oldboy']

[root@salt-master pengyao]# ls
parse_yaml.py test.yaml
[root@salt-master pengyao]# cat dict_test.yaml
name: pengyao
site: http://pengyao.org
[root@salt-master pengyao]# ls
dict_test.yaml parse_yaml.py test.yaml
[root@salt-master pengyao]# ./parse_yaml.py dict_test.yaml
{'name': 'pengyao', 'site': 'http://pengyao.org'}

[root@salt-master pengyao]# cat test1.yaml
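# A list with one mapping; its 'pengyao' value is a list holding one mapping
# with the keys 'name' and 'site', and 'site' is itself a list of URLs.
# The indentation carries that nesting, so it is restored here.
- pengyao:
  - name: pengyao
    site:
      - http://pengyao.org
      - http://www.saltstack.cn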
[root@salt-master pengyao]# ./parse_yaml.py test1.yaml
[{'pengyao': [{'name': 'pengyao', 'site': ['http://pengyao.org', 'http://www.saltstack.cn']}]}]

[root@salt-master apache]# cd  /srv/salt/apache

[root@salt-master apache]# cat installed.sls
[root@salt-master apache]# cat vhosts.sls
[root@salt-master apache]# cat init.sls
include:
- apache.installed
- apache.vhosts

[root@salt-master apache]# cd ..
[root@salt-master salt]# ls
apache httpd.conf
[root@salt-master salt]# vi top.sls
[root@salt-master salt]# cat top.sls
base:
'*':
- apache

####先找apache/init.sls再找apache.sls

[root@salt-master apache]# cd /srv/salt
[root@salt-master salt]# ls
apache httpd.conf top.sls
[root@salt-master salt]# cd apache/
[root@salt-master apache]# ls
init.sls installed.sls vhosts.sls
[root@salt-master apache]# rm -rf *

[root@salt-master apache]# cp ../httpd.conf .
[root@salt-master apache]# ls
files httpd.conf init.sls

[root@salt-master apache]# cat init.sls
apache:
    pkg.installed:
        - name: httpd
    file.managed:
      - name: /etc/httpd/conf/httpd.conf
      - source: salt://apache/files/httpd.conf
    service.running:
        - enable: True
        - name: httpd

[root@salt-master apache]# mv httpd.conf files/
[root@salt-master apache]# ls
files init.sls

[root@salt-master apache]# salt '*' state.sls apache

[root@salt-master salt]# salt '*' state.highstate              #执行 top.sls 中分配给各 minion 的全部状态(sls)
salt-client01:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 21:10:26.306698
Duration: 1311.165 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 21:10:27.621714
Duration: 35.958 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 21:10:27.658846
Duration: 51.403 ms
Changes:

Summary for salt-client01
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 1.399 s

[root@salt-master salt]# salt  '*'  state.sls apache    #只执行指定的 sls(这里是 apache)

[root@salt-master salt]# salt '*' state.highstate test=True         #演练模式:只显示将会发生的变更,不实际执行
salt-client01:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 21:13:03.779096
Duration: 1237.568 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
Started: 21:13:05.020395
Duration: 26.634 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 21:13:05.048209
Duration: 50.714 ms
Changes:

Summary for salt-client01
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 1.315 s

[root@salt-master apache]# pwd
/srv/salt/apache
[root@salt-master apache]# cat init.sls
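# Install httpd, manage its main config file, and keep the service running.
apache:
    pkg.installed:
        - name: httpd
    file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://apache/files/httpd.conf
        # The config file is only managed once the package state has succeeded.
        - require:
            - pkg: apache
    # service.running has to sit at the same indent as pkg.installed and
    # file.managed; a key indented one column deeper is a YAML error.
    service.running:
        - enable: True
        - name: httpd
        # watch makes the service react when the package or the managed file
        # changes (the highstate output reports "Service restarted").
        - watch:
            - pkg: apache
            - file: apache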
[root@salt-master apache]# ls
files init.sls
[root@salt-master apache]# cd files/
[root@salt-master files]# ls
httpd.conf
[root@salt-master files]# vi httpd.conf
[root@salt-master files]# pwd
/srv/salt/apache/files
[root@salt-master files]# salt '*' state.highstate
salt-client01:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: All specified packages are already installed
Started: 21:22:30.455836
Duration: 1391.589 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 21:22:31.851180
Duration: 54.008 ms
Changes:
----------
diff:
---
+++
@@ -353,3 +353,4 @@
IncludeOptional conf.d/*.conf
#oldbody
#oldbody01
+#pengyao
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 21:22:31.949331
Duration: 1219.087 ms
Changes:
----------
httpd:
True

Summary for salt-client01
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 2.665 s

[root@salt-master apache]# cat init.sls
apache:
pkg.installed:
- name: httpd
- watch_in:
- service: apache
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- watch_in:
- service: apache
service.running:
- enable: True
- name: httpd

[root@salt-master apache]# cd files/
[root@salt-master files]# ls
httpd.conf
[root@salt-master files]# pwd
/srv/salt/apache/files
[root@salt-master files]# grep ^Listen httpd.conf
Listen {{ port }}

[root@salt-master apache]# pwd
/srv/salt/apache

[root@salt-master apache]# ls
files init.sls

[root@salt-master apache]# cat init.sls
apache:
    pkg.installed:
        - name: httpd
    file.managed:
      - name: /etc/httpd/conf/httpd.conf
      - source: salt://apache/files/httpd.conf
      - require:
        - pkg: apache
      - template: jinja
      - context:
            port: 8080
    service.running:
        - enable: True
        - name: httpd
        - watch:
           - pkg: apache
           - file: apache

[root@salt-master apache]# salt '*' state.highstate

[root@salt-client01 ~]# grep ^Listen /etc/httpd/conf/httpd.conf
Listen 8080

[root@salt-master apache]# cat init.sls
[root@salt-master apache]# cat init.sls
apache:
    pkg.installed:
        - name: httpd
    file.managed:
      - name: /etc/httpd/conf/httpd.conf
      - source: salt://apache/files/httpd.conf
      - require:
        - pkg: apache
      - template: jinja
      - context:
            {% if grains['id'] == 'salt-client01' %}
            port: 8081
            {% elif grains['id'] == 'salt-client02' %}
            port: 8082
            {% else %}
            port: 8080
            {% endif %}
    service.running:
        - enable: True
        - name: httpd
        - watch:
           - pkg: apache
           - file: apache

[root@salt-master apache]# salt '*' state.highstate  

[root@salt-master apache]# cd /srv/pillar/
[root@salt-master pillar]# ls
packages.sls role.sls top.sls
[root@salt-master pillar]# mkdir apache
[root@salt-master pillar]# ls
apache packages.sls role.sls top.sls
[root@salt-master pillar]# cd apache/
[root@salt-master apache]# vim init.sls
[root@salt-master apache]# cat init.sls
# Per-minion httpd port chosen by minion id; any other minion gets port 80.
# NOTE(review): grains are reported by the minion itself, so selecting pillar
# values on a grain suits non-secret data such as a port. For sensitive
# pillar data, assign it by minion id in the pillar top file instead —
# confirm against the Salt documentation.
apache:
    {% if grains.id == 'salt-client01' %}
    port: 8081
    {% elif grains.id == 'salt-client02' %}
    port: 8082
    {% else %}
    port: 80
    {% endif %}
[root@salt-master apache]# ls
init.sls
[root@salt-master apache]# cd ..
[root@salt-master pillar]# ls
apache packages.sls role.sls top.sls
[root@salt-master pillar]# vim top.sls
[root@salt-master pillar]# cat top.sls
# Pillar top file: minions matched by the pcre target get the apache pillar.
base:
    'salt-client*':
       - match: pcre
       - apache                         # name of a directory or .sls file under the current pillar directory (here apache/init.sls)
[root@salt-master pillar]# salt '*' saltutil.refresh_pillar
salt-client01:
True
salt-client02:
True
[root@salt-master pillar]# salt '*' pillar.get apache:port
salt-client02:
8082
salt-client01:
8081

[root@salt-master pillar]# cd /srv/salt/apache
[root@salt-master apache]# ls
files init.sls
[root@salt-master apache]# vim init.sls
[root@salt-master apache]# cat init.sls
apache:
    pkg.installed:
        - name: httpd
    file.managed:
      - name: /etc/httpd/conf/httpd.conf
      - source: salt://apache/files/httpd.conf
      - require:
        - pkg: apache
      - template: jinja
      - context:
             port: {{ salt['pillar.get']('apache:port', 80) }}
    service.running:
        - enable: True
        - name: httpd
        - watch:
           - pkg: apache
           - file: apache
[root@salt-master apache]# vim /srv/pillar/apache/init.sls
[root@salt-master apache]# cat /srv/pillar/apache/init.sls
apache:
    {% if grains.id == 'salt-client01' %}
    port: 8181
    {% elif grains.id == 'salt-client02' %}
    port: 8182
    {% else %}
    port: 80
    {% endif %}
[root@salt-master apache]# salt '*' state.highstate

[root@salt-master apache]# salt '*' cmd.run 'netstat -ntpl | grep httpd'
salt-client01:
tcp6 0 0 :::8181 :::* LISTEN 3197/httpd
salt-client02:
tcp6 0 0 :::8182 :::* LISTEN 3330/httpd

[root@salt-master apache]# vim /srv/pillar/top.sls
[root@salt-master apache]# cat /srv/pillar/top.sls
base:
    'salt-client*':
       - match: pcre
       - apache
    '*':
       - system
[root@salt-master apache]# vim /srv/pillar/
apache/ packages.sls role.sls top.sls
[root@salt-master apache]# vim /srv/pillar/system.sls
[root@salt-master apache]# cat /srv/pillar/system.sls
nofile: 102400
[root@salt-master apache]# salt '*' saltutil.refresh_pillar
salt-client02:
True
salt-client01:
True
[root@salt-master apache]# salt '*' pillar.get nofile
salt-client02:
102400
salt-client01:
102400

[root@salt-master apache]# cd /srv/salt/
[root@salt-master salt]# ls
apache httpd.conf top.sls

[root@salt-master salt]# cat top.sls
base:
    'salt-client*':
       - match: pcre
       - apache
    '*':
       - system

[root@salt-master salt]# cat system.sls
helloworld:
    cmd.run:
         - name: echo hello world

[root@salt-master salt]# salt '*' state.highstate

 

 

 

salt-client01:

[root@salt-client01 ~]# systemctl  stop   firewalld 

[root@salt-client01 ~]#  systemctl   disable    firewalld 

[root@salt-client01 ~]# sed  -i  's/^SELINUX=.*/SELINUX=disabled/g'  /etc/sysconfig/selinux

[root@salt-client01 ~]# reboot

[root@salt-client01 ~]#  cat /etc/hosts
192.168.111.128 salt-master
192.168.111.129 salt-client01

[root@salt-client01 ~]#  sudo rpm --import https://repo.saltproject.io/py3/redhat/7/x86_64/3004/SALTSTACK-GPG-KEY.pub
[root@salt-client01 ~]# curl -fsSL https://repo.saltproject.io/py3/redhat/7/x86_64/3004.repo | sudo tee /etc/yum.repos.d/salt.repo

[root@salt-client01 ~]#  sudo yum clean expire-cache

[root@salt-client01 ~]#  sudo yum install salt-minion  -y 

[root@salt-client01 ~]#  sudo systemctl enable salt-minion && sudo systemctl start salt-minion 

[root@salt-client01 ~]# grep -Ev "^$|^#" /etc/salt/minion
master: salt-master

[root@salt-client01 ~]# systemctl   restart     salt-minion

[root@salt-client01 ~]# tail  -f  /var/log/salt/minion

salt-client02:

[root@salt-client02 ~]# cat /etc/salt/minion_id     #新增主机时(例如从 salt-client01 克隆而来)需要把这里的内容清空,然后重启服务;克隆的机器还会带着原机器的 minion 密钥(默认在 /etc/salt/pki/minion/ 下),建议一并删除,让新主机重新生成自己的密钥对
salt-client01

[root@salt-client02 ~]#  systemctl    restart     salt-minion

#新增节点后,需要在 salt-master 上执行以下操作:

[root@salt-master master.d]# salt-key -L
Accepted Keys:
salt-client01
Denied Keys:
Unaccepted Keys:
salt-client02
Rejected Keys:
[root@salt-master master.d]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt-client02
Proceed? [n/Y] y
Key for minion salt-client02 accepted.
[root@salt-master master.d]#
[root@salt-master master.d]#
[root@salt-master master.d]#
[root@salt-master master.d]# salt-key -L
Accepted Keys:
salt-client01
salt-client02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
